We hope you got a chance to read our four blogs on Artificial Intelligence (AI). The blogs covered security and compliance considerations, challenges, and governance aspects of AI, AI policies, AI use cases, and whether AI is good for cybersecurity.
The subject of today’s blog is an interesting one. We are looking at two areas which continue to confuse IT management teams. They are Key Risk Indicators (KRI) and Key Performance Indicators (KPI).
A KRI is a metric for measuring the likelihood that the combined probability of an event and its impact will exceed the organization’s risk appetite. A KPI is a key measurable value that indicates progress toward, or achievement of, an intended result. The measured value of a KRI should be able to reflect the negative impact it would have on the organization’s KPI. Identifying key risk indicators requires an understanding of the organization’s goals.
Historically, many cybersecurity tools relied either on signature-based solutions or on agents running on the system to gather data for further analysis to identify threats or unknown behavior. The number and variety of cyber-attacks are a constant challenge for rules-based signature systems to detect. There is an ever-growing need to stop attacks using preventive measures, without human interaction in the identify, protect, detect, respond, and recover processes.
In Part I, we discussed a few examples of how AI can be applied to security and compliance:
- Identifies actionable insights from data using Data Analytics
- Identifies impending failures and threats before they may occur
- Flags suboptimal operational and maintenance workflows
- Automates repetitive security & compliance tasks
- Enhances human analysis
AI will learn about various types of attacks and issues by analyzing the environment, and will suggest the best possible solution to the problem at hand. There is another side to this, too. What benefits the cyber community in preventing cyber-attacks could also be used by hackers to advance their skills and make their attacks stronger and more effective. A hacker can amplify attack frequency and sophistication using AI as a force multiplier.
AI is integrated into technology, platforms, and solutions. Mobile applications are powered by AI to provide personalized results. AI is used in a differential privacy approach, where customer data is secured and at the same time used to provide value-added services for a more personalized experience. Here, too, there is another side: the use of machine learning for data mining and analytics also carries the consequence of data being exploited.
Internet of Things (IoT) systems have always had challenges with security. Traditional information systems monitoring was based on agents installed on the systems to capture anomalies. An AI-based system will be able to analyze the packets originating from IoT systems and identify whether the systems are communicating with unknown or malicious sites/IP addresses. Over a period, the system will have enough data to analyze and create a baseline, which in turn will be used to identify behavior patterns that deviate from the baseline and create alerts to notify the cybersecurity team.
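
An added example, not from the original post: a small baseline-and-deviation check over IoT flow records of the kind described above. The device names, addresses (documentation ranges), threat list and thresholds are constructed assumptions, and simple statistics stand in for a trained model.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (device, destination IP, bytes sent) per flow.
# Addresses come from the RFC 5737 documentation ranges.
BASELINE_FLOWS = [
    ("thermostat-1", "192.0.2.10", 510), ("thermostat-1", "192.0.2.10", 495),
    ("thermostat-1", "192.0.2.10", 505), ("thermostat-1", "192.0.2.11", 490),
    ("camera-1", "198.51.100.5", 20000), ("camera-1", "198.51.100.5", 21000),
    ("camera-1", "198.51.100.5", 19500),
]
NEW_FLOWS = [
    ("thermostat-1", "192.0.2.10", 500),      # normal traffic
    ("thermostat-1", "203.0.113.66", 480),    # destination on the bad list
    ("camera-1", "203.0.113.7", 20500),       # never seen for this device
    ("camera-1", "198.51.100.5", 250000),     # known peer, abnormal volume
]
KNOWN_BAD = {"203.0.113.66"}  # hypothetical threat-intelligence list


def build_baseline(flows):
    """Learn, per device, the destinations it talks to and its typical flow size."""
    dests, sizes = defaultdict(set), defaultdict(list)
    for device, dst, nbytes in flows:
        dests[device].add(dst)
        sizes[device].append(nbytes)
    return {d: {"dests": dests[d], "mean": mean(sizes[d]),
                "std": pstdev(sizes[d])} for d in dests}


def detect(flows, baseline, known_bad, k=3.0, min_std=1.0):
    """Return (device, dst, reason) alerts for flows that deviate from baseline."""
    alerts = []
    for device, dst, nbytes in flows:
        profile = baseline.get(device)
        if dst in known_bad:
            alerts.append((device, dst, "malicious-destination"))
        elif profile is None:
            alerts.append((device, dst, "unknown-device"))
        elif dst not in profile["dests"]:
            alerts.append((device, dst, "new-destination"))
        elif abs(nbytes - profile["mean"]) > k * max(profile["std"], min_std):
            alerts.append((device, dst, "volume-anomaly"))
    return alerts


if __name__ == "__main__":
    for alert in detect(NEW_FLOWS, build_baseline(BASELINE_FLOWS), KNOWN_BAD):
        print(alert)
```

The `min_std` floor keeps a device with perfectly uniform baseline traffic from alerting on every one-byte difference.
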
Different AI-based tools on the market use AI/ML to enhance cybersecurity. Below are a few examples of AI use by cyber companies.
- To profile and detect threats, compromised accounts, privilege abuse, and other anomalies.
- To separate critical risks from routine network activity, identifying chains of activities that result in attacks.
- In an analytics platform that provides threat monitoring, hunting, and analysis to get ahead of threats.
- In machine learning-powered products that detect and protect against malware, ransomware, trojans, and other threats.
- In a platform that helps to prevent threats before they can cause damage, predicting and protecting against file-less attacks, malware, and zero-day payload execution.
- In a security platform that prevents breaches, spear phishing, and data loss from harmful emails.
- To predict security breaches and stop malicious bot activity.
- To help businesses and organizations identify suspicious activity before it’s in their networks.
To summarize, hackers will use AI to find ways of avoiding detection and prevention mechanisms and to continuously find new ways to attack, whereas on the defensive side the cybersecurity team will use AI to develop monitoring and predictive capabilities to stop the attacks.